Malicious PDF — malware analysis report

Static analysis result for SHA-256 b5890cdd321206fc…

MALICIOUS

PDF

1.6 KB Created: 2018-09-04 13:20:01 +03:00 Authoring application: dompdf + CPDF
MD5: 75960d9ac18c896be3b9990c77636d34 SHA-1: a2b10d37857c1708068bcea1065c42634bda49d8 SHA-256: b5890cdd321206fce8ea3390319b8eed5d0afc553dfff3157a370cc63a7c9bbb
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document contains a message impersonating an invoice, urging the recipient to download it. The embedded URL 'http://kosel.com.tr/For-Check' is likely intended to deliver a malicious payload. ClamAV also identified this file as Pdf.Dropper.Agent-9238419-0, indicating its dropper functionality.

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-9238419-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9238419-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://kosel.com.tr/For-Check

Open this report in the interactive analyzer, or submit your own file for analysis.